feat: TokenBridge

[onnovisser]

Product requirements

• TokenBridge compatible with Glacis Airlift
  https://www.notion.so/LiFi-bridging-contract-2b62eac24e178072a5a3ed17ebe770e3?source=copy_link

Design notes

• Takes custody of user's share tokens before calling Spoke.crosschainTransferShares
• Remaining msg.value optionally gets sent to a relayer, which can be set by the ProtocolGuardian
• ProtocolGuardian has to file chain ID -> cent ID mapping, because Airlift only submits a destination chain ID
• extraGasLimit and remoteExtraGasLimit configurable by FM

TODOs

• Maybe change cent ID file method to allow setting multiple IDs at once

[lemunozm]

Original PR for reference: https://github.com/centrifuge/protocol-internal/pull/74

[wischli]

Thanks for re-opening and good job on putting this all together. I have a few questions before merging though.

[wischli]

Q for all of us: Should this contract implement Recoverable to protect against accidently sent tokens?

[lemunozm]

Looks like it's never used as a target for receiving tokens. I would say not (?)

[wischli]

Nit: We can use calldata payload. I discovered this as part of optimizing ARM size code. We still have several code paths in the repo using memory despite the interface declaration of calldata.

Suggested change

	function trustedCall(PoolId poolId, ShareClassId scId, bytes memory payload) external auth {
	function trustedCall(PoolId poolId, ShareClassId scId, bytes calldata payload) external auth {

[wischli]

Should this really be public or instead external?

[wischli]

CR: Should use safe method from Mathlib to improve debugging in case this edge case occurs

Suggested change

	uint128(amount),
	amount.toUint128(),

[wischli]

Nit: We should move this up before the actual transfer because it is theoretically fallible such that we can save costs in case this check fails.

[wischli]

Wanted to flag these are not yet used in the codebase

[wischli]

Same here

[wischli]

Great tests! Could you add one for revoking a chain mapping by setting centrifugeId to 0 and then verifying send() reverts? And maybe also one for catching uint128(amount) overflow.

[wischli]

Nit: Incorrect camelcase

Suggested change

	function testfileCentrifugeIdSuccess() public {
	function testFileCentrifugeIdSuccess() public {

[wischli]

Suggested change

	function testfileCentrifugeIdRevertWhenNotSafe() public {
	function testFileCentrifugeIdRevertWhenNotSafe() public {

[lemunozm]

Some minor organizational comments, agree with William regarding the allowance/approval part. IIUC, we should change that.

But code looks really good!

[lemunozm]

Nice idea to reduce bytecode!

[lemunozm]

From my experience, file() methods for things other than dependencies can be somewhat messy in the end and difficult to handle. Could we use here a "normal" name like setDestination(evmChainId, centrifugeId) or something similar?

[lemunozm]

Maybe then we should move send(..) to its own interface like IGlacisAirliftTransfer or so? to reflect that and ensure this method signature remains immutable.

Do you have a reference for where this method is defined?

[lemunozm]

Yes, I also think the allowance is never checked. I think approval is something the user of TokenBridge should do before call to TokenBridge for leave TokenBridge to handle the transfer funds.

[lemunozm]

Why not always to the refundAddress? No fully understand the need of the relayer, could you extend?

[lemunozm]

Looks like it's never used as a target for receiving tokens. I would say not (?)

[lemunozm]

IIUC, the relayer does not imply any new interaction with the system regarding the normal testSendSuccess(). I think the good usage of the relayer is already covered by UTs, could it be?